krb5 and PRNGs
Sam Hartman
hartmans at MIT.EDU
Fri Sep 24 10:48:49 EDT 2010
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at oracle.com> writes:
Nicolas> There's simply no reason that /dev/urandom on any OS
Nicolas> couldn't be a decent PRNG with a seed taken from
Nicolas> /dev/random (at boot time and/or at shutdown time). In
Nicolas> particular, a /dev/urandom that is not at least a decent
Nicolas> PRNG, however seeded, is a disaster.
I agree with you. However, I've seen no arguments that any of the
common OS PRNGs are in fact PRNgs that don't depend on things like the
random oracle assumption.
More information about the krbdev
mailing list